What's different in Kali Nethunter compared to the standard Kali Linux distro?

Kali Linux NetHunter is a special version of the Kali Linux distribution that is built for use on mobile devices. It includes a custom kernel that supports wireless injection, as well as a number of tools for penetration testing and digital forensics.

What are key features on Kali Linux Nethunter?

  • Support for wireless adapters and USB Ethernet adapters
  • A custom user interface that is optimized for use on mobile devices
  • Pre-installed tools for penetration testing and digital forensics, including Nmap, Wireshark, and Aircrack-ng
  • Support for wireless injection and penetration testing
  • A number of additional tools and scripts that have been specifically designed for use on mobile devices

Why is Kali Linux popular among hackers?

Kali is a popular distro among the security community due to its design, it incorporates tools oriented towards penetration testing, security research, computer forensics and reverse engineering. Kali Linux became mainstream popular thanks to the TV Series Mr. Robot.

NetHunter supports Wireless 802.11 frame injection, one-click MANA Evil Access Point setups, HID keyboard (Teensy like attacks), as well as BadUSB MITM attacks - and is built upon the sturdy shoulders of the Kali Linux distribution and toolsets.

Whether you have a Nexus 5, Nexus 6, Nexus 7, Nexus 9, Nexus 10 or OnePlus One we've got you covered. Our freely downloadable images come with easy to follow installation and setup instructions to get you up and running in no time at all.

As an experienced penetration tester or security professional, it is imperative that you trust the tools you work with. One way to achieve this trust is by having full transparency and familiarity with the code you are running. You are free to read, investigate, and change our build scripts for the NetHunter images. All of this goodness from the house of Offensive Security and developers of Kali Linux.

Features

  • 802.11 Wireless Injection and AP mode support with multiple supported USB wifi cards.
  • Capable of running USB HID Keyboard attacks, much like the Teensy device is able to do.
  • Supports BadUSB MITM attacks. Plug in your Nethunter to a victim PC, and have your traffic relayed though it.
  • Contains a full Kali Linux toolset, with many tools available via a simple menu system.
  • USB Y-cable support in the Nethunter kernel - use your OTG cable while still charging your Nexus device!
  • Software Defined Radio support. Use Kali Nethunter with your HackRF to explore the wireless radio space.

HID Keyboard and 'BadUSB' Attacks

Our NetHunter images support programmable HID keyboard attacks, (a-la-teensy), as well as "BadUSB" network attacks, allowing an attacker to easily MITM an unsuspecting target by simply connecting their device to a computer USB port. In addition to these built in features, we've got a whole set of native Kali Linux tools available for use, many of which are configurable through a simple web interface.

Configuration Management

The Kali NetHunter configuration interface allows you to easily configure complex configuration files through a local web interface. This feature, together with a custom kernel that supports 802.11 wireless injection and preconfigured connect back VPN services, make the NetHunter a formidable network security tool or discrete drop box - with Kali Linux at the tip of your fingers wherever you are.

What' New

Smartwatch Wi-Fi Injection

After 3 years, we are proud to introduce the first actual smartwatch that finally has wireless injection support! Thanks to the exceptional collaboration by @yesimxev and @Jakob Link from NexMon team. Countless emails, lost brain cells, but it was worth it. Now Kali NetHunter on the TicWatch Pro 3 (all variants with bcm43436b0 chipset) supports wireless injection, de-authentication, and able to capture WPA2 handshakes! Check out the install guide.

CARsenal

CAN Arsenal come with a new version by @V0lk3n. It is now renamed as CARsenal, to better match the goal which is to provide a car hacking tool set.

Code got a lot of rewrite, and provide a more friendly UI.

Also it come with new tools such as:

  • hlcand: Modified slcand for ELM327 use
  • VIN Info: Decode your VIN identifier
  • CaringCaribou: Actually provide Listener, Dump, Fuzzer, Send, UDS and XCP modules
  • ICSim: Provide a great simulator to play with VCAN and test CARsenal toolset without hardware needed

Actual kernel with CAN support enabled:

  • Samsung Galaxy S9 (A13/exynos9810)
  • Samsung Galaxy S10 (A14 & A15/exynos9820)
  • (NEW!) Realme C15 (A10)
  • (NEW!) Redmi Note 11 (A15)

Its documentations and kernel configuration has been updated as well.

Android Radio

There's another possibly first use case of Kali NetHunter KeX running on Android radio. A teaser to the upcoming Android Auto support…

Kali NetHunter Kernels

Kali NetHunter kernels updates:

  • (NEW!) Xiaomi Redmi 4/4X (A13) (by @MomboteQ)
  • (NEW!) Xiaomi Redmi Note 11 (A15) (by @Madara273)
  • Updated Realme C15 (A10) (by @Frostleaft07)
  • Updated Samsung Galaxy S10 (A14,A15/exynos9820) (by @V0lk3n)
  • Updated Samsung Galaxy S9 (A13/exynos9810) (by @V0lk3n)

Kali ARM SBC Updates

We will start off with some Raspberry Pi updates:

  • We have combined some of our Raspberry Pi images, so that Raspberry Pi 5 does not need its own separate image . It is now supported by our 64-bit image! This is reflected by the new name of the download link on get-kali.
  • Raspberry Pi devices have had their kernel upgraded to a 6.12 based kernel. This was made possible thanks to @Nurse Jackass who add support to the brcmfmac nexmon driver.
  • Additionally, the udev rule that used to allow you to run vgencmd without requiring root rights on Raspberry Pi devices was updated, so you no longer need elevated privileges to run it.

Now onto some USB Armory MKII:

  • It also has had its kernel upgraded to a 6.12 based kernel.
  • The bootloader upgraded to 2025.04.
  • PowerShell on the ARM images has been bumped from 7.1.3 to 7.5.1

Build-scripts:

  • Mirror replacement is fixed, so if you want to build a custom image pointing at a specific mirror, just follow the instructions in the README
  • Occasionally there would be a build failure with no output. This was tracked down to the limit_cpu function and has been fixed so we no longer swallow the error code when there is one, and pass it on so when a failure happens we can know why.

Complete release notes can be found here.